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Description 

[0001] The invention relates to a method for operating 
a conditional access system for broadcast applications, 
said conditional access system comprising a number of s 
subscribers, each subscriber having a temiinal includ- 
ing a conditional access module and a secure device for 
storing entitlements, each entitlement indicating a serv- 
ice for which the subscriber receiving the entitlement is 
entitled to watch, wherein entitlement management 
messages (EMM*s) are sent to a secure device or group 
of secure devices, said EMM's each providing an enti- 
tlement and a con-esponding expiry date, wherein the 
entitlements are refreshed periodically in accordance 
with their expiry dates by sending EMM's updating the 
expiry dates. 

[0002] Such a method is known and is for example 
used in a pay television broadcasting system. If the up- 
dating or refreshment EMM's are not received before 
the expiry date, the secure devices will not allow access 
to the service or services for which the secure devices 
were entitled. Subscribers often disconnect their termi- 
nal equipment or tune their terminal to a broadcasting 
signal on which there are no EMM's carried. In such cir- 
cumstances the refreshment EMM will not be received 
in time before the expiry date. In this manner subscrib- 
ers will be forced to wait to be entitled over the air. In 
view of bandwidth constraints and the number of enti- 
tlements and number of subscribers in the conditional 
access system, the wait time can be extensive. Typical- 
ly, if a subscriber needs to wait beyond a period of about 
thirty seconds, he will contact the subscriber manage- 
ment centre to be re-authorised. This results in a large 
number of telephone calls needed to be processed each 
time an entitlement expires unlntendedly. Consequently, 
higher operational costs arise. To improve the time 
needed to perform a refreshment of all subscribers, 
techniques such as group addressing have been devel- 
oped. Despite such developments, in case of a large 
base of subscribers, long wait times could still arise. 
These problems due to bandwidth limitations for the 
EMM messages make the operation of this type of con- 
ditional access system with positive authorisation very 
difficult with large numbers of subscribers. 
[0003] The invention aims to provide a method of the 
above-mentioned type wherein these problems of long 
wait times are avoided. 

[0004] Methods according to the invention are set out 
in claims 1 and 2. 

[0005] According to the invention a method of the 
above-mentioned type is provided, characterized in that 
a set of extension entitlement management messages 
(extension EMM's) is sent to at least a part of all secure 
devices, each message indicating that all entitlements 
having an expiry date within a predetermined first period 
are extended with a predetermined second period, 
wherein EMM's updating the expiry dates are sent after 
the extension EMM's. 



[0006] In this manner it is obtained that during the first 
period all entitlements of at least a part of all secure de- 
vices are extended by sending the extension EMM's 
during the first period to thereby extend the entitlements 
during the second period. After sending these extension 
EMM'S, the normal updating or refreshment EMM's can 
be sent for updating each entitlement at each subscriber 
individually. 

[0007] According to the invention an alternative em- 
bodiment is characterized in that each EMM comprises 
an entitlement expiry date and an entitlement receipt 
date, which dates are stored in the secure device, 
wherein a set of extension entitlement management 
messages (extension EMM's) is sent to all secure de- 
vices, each message indicating a given date from which 
all entitlements of the secure device have not changed, 
wherein if the receipt date for any entitlement is after 
said given date, all entitlements are extended with a pre- 
determined second period, wherein EMM's updating the 
expiry dates are sent after the extension EMM's. 
[0008] The invention will be further explained by ref- 
erence to the drawing showing a broadcast application 
in which an embodiment of the method of the invention 
is Implemented. 

[0009] In the broadcasting application shown, three 
broadcasters 1-3 are coupled with a multiplexer unit 4 
comprising means for scrambling, encoding and com- 
pressing broadcast signals provided by the broadcast- 
ers 1-3. The thus obtained digital data streams are mul- 
tiplexed into a digital transport stream, for example in 
accordance with the MPEG-2 standard. In the embodi- 
ment shown this digital transport stream is modulated 
by way of a modulator 5 before transmission. The oper- 
ator of the equipment including the multiplexer unit 4 and 
modulator 5 is responsible for transmitting the signal to 
the receiving equipment of the public, one television set 
6 being shown by way of example. The transmission of 
the signal may be canried out through one or more tele- 
communication channels including a satellite link 7, ter- 
restrial link 8 or a cable system 9. One or more of the 
broadcasters 1-3 may be private broadcasters operat- 
ing according to the concept of pay television, which Im- 
plies subscription. This means that people wishing to 
view programs broadcasted by a particular broadcaster, 
have to subscribe to such a broadcast, and pay the ap- 
propriate fee. 

[0010] Access to anyone of the broadcast signals pro- 
vided by the broadcasters 1-3 requires a terminal 10 
which for the subscription requiring services includes a 
conditional access module 11 and a secure device 12, 
generally provided in the form of a smart card which can 
be connected to the conditional access module 11 . The 
remaining part of the terminal 10 is known as such and 
needs not be described in detail. 
[001 1] Regarding the conditional access to the serv- 
ices requiring subscription, it is known as such to send 
entitlement management messages or EMM's and en- 
titlement control messages or ECM's to the subscribers, 
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Le. to the smarf cards 12. 

[0012] It is noted that in the present specification the 
term "service" indicates any type of program for which 
an entitlement Is needed. Including a channel, a specific 
event or any other item of interest. 
[00131 In such a conditional access system, generally 
a positive authorisation mechanism Is used for entitle- 
ment control. An EMM is sent to a smart card or a group 
of smart cards using either individual or group address- 
ing, the EMM indicating that a card is entitled to watch 
a service. Each subscriber can have a number of enti- 
tlements for different services. The entitlement structure 
generally comprises an identification or entitlement 
number and an entitlement expiry date. This information 
is stored in the smart card 12. In this manner certain 
forms of piracy are avoided. However, it is necessary to 
send refreshment EMM's updating the expiry date. If 
such a refreshment or updating EMM for a specific en- 
titlement is not received before the expiry date, the 
smart card 12 will not allow access to the service in- 
volved. In practice subscribers often disconnect their 
terminal equipment or tune their terminal to a broadcast- 
ing signal on which there are no EMM's carried. In such 
circumstances' the refreshment EMM will not be re- 
ceived in time before the expiry date. This may cause a 
large of number of telephone calls needed to be proc- 
essed at the subscriber management centre and this 
causes high operational costs. 
[0014] Even with the use of group addressing tech- 
niques a long period of time is required to update all en- 
titlements at all subscribers. As an example in a practical 
broadcast application a conditional access system may 
comprise 10 million subscribers and 120 active entitle- 
ments. With a practical capacity for EMM's of 200 Kbit/ 
s, a potential wait time of 2.5 hours before a refreshment 
EMM for a predetermined service amves, is obtained. 
[0015] According to the present invention, expiry of 
an entitlement by not receiving a refreshment EMM be- 
fore the expiry date is prevented In the following manner. 
[0016] A set of extension entitlement management 
messages or extension EMM*s is sent to the entire base 
of smart cards 12, either using group addressing or in- 
dividual addressing. Each extension EMM indicates to 
a smart card 12 that all entitlements with an expiry date 
within a predetermined first period, i.e. with an expiry 
date within a specified number of days, can remain ac- 
tive for a predetennined second period. In this manner 
the entitlements of all smart cards are extended for the 
second period. During the thus obtained period in which 
the smart cards will allow access to the services for 
which entitlements are stored, the normal updating 
EMM's can be sent to the subscribers updating the en- 
titlements of the smart cards in a normal manner for a 
next period. As the extension EMM's refer to all entitle- 
ments stored in the smart card, the extensions can be 
provided to all smart cards in a relatively short time. 
Thereafter sufficient time is available to update all indi- 
vidual subscriptions within the entire base of subscrib- 



ers. 

[0017] In case group addressing is used, all entitle- 
ments of all subscribers are first extended in the de- 
scribed manner Thereafter, individual refreshment 

5 EMM's can be forwarded, wherein these refreshment 
EMM's are first sent to those subscribers which have 
changed their subscription, for example by terminating 
or adding one or more subscriptions to specific services. 
[001 8] It Is also possible to send the extension EMM's 

10 using individual addressing, wherein those addresses 
where subscriptions have been terminated do not re- 
ceive the extension EMM's. It is further possible to add 
individual EMM's to the set of extension EMM's, wherein 
the individual EMM's update the expiry date of the un- 

15 changed subscriptions only. 

[001 9] As an alternative, an EMM could store not only 
an entitlement expiry date but also an entitlement re- 
ceipt date in the smart card. In the above-described 
manner a set of extension EMM's is sent to the entire 

20 base of smart cards 12. In this case each extension 
EMM indicates a date from which the entitlements of a 
smart card have not changed. If the entitlement receipt 
date for any entitlement is after the date provided by the 
extension EMM. the smart card extends the expiry date 

25 of any entitlement by the predetermined second period. 
[0020] In the embodiments described the conditional 
access module 11 and the secure device 12 are shown 
as physically separate devices. It will be understood that 
the conditional access module and/or the secure device 

30 can also be part of the terminal 10 or implemented in 
the terminal 10 by suitable programming. Therefore, the 
terms conditional access module 11 and secure device 
12 as used in the specification and claims are not re- 
stricted to physically separate parts. 

35 [0021] The invention is not restricted to the above-de- 
scribed embodiments which can be varied In a number 
of way within the scope of the claims. 



40 Claims 

1. Method for operating a conditional access system 
for broadcast applications, said conditional access 
system comprising a number of subscribers, each 

45 subscriber having a terminal including a conditional 
access module and a secure device for storing en- 
titlements, each entitlement indicating a service for 
which the subscriber receiving the entitlement is en- 
titled to watch, wherein entitlement management 

50 messages, EMM's, are sent to a secure device or 
group of secure devices, said EMM's each provid- 
ing an entitlement and a corresponding expiry date, 
wherein the entitlements are refreshed periodically 
in accordance with their expiry dates by sending 

55 EMM'S updating the expiry dates, characterized in 
that a set of extension entitlement management 
messages (extension EMM's) is sent to at least a 
part of all secure devices, each extension entitle- 
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ment management message indicating that ail en- 
titlements having an expiry date within a predeter- 
mined first period are extended with a predeter- 
mined second period, wherein ElVIM's updating the 
expiry dates are sent after the extension Eiy^M's. 

2. ly/lethod for operating a conditional access system 
for broadcast applications, according to the pream- 
ble of claim 1, characterized in that each EMIA 
comprises an entitlement expiry date and an enti- 
tlement receipt date, which dates are stored in the 
secure device, wherein a set of extension entitle- 
ment management messages, extension EMM's, is 
sent to all secure devices, each extension entitle- 
ment management message indicating a given date 
from which all entitlements of the secure device 
have not changed, wherein if the receipt date for 
any entitlement is after said given date, all entitle- 
ments are extended with a predetermined period, 
wherein EMM*s updating the expiry dates are sent 
after the extension EMM's. 

3. Method according to claim 1 or 2, wherein the ex- 
tension EMM*s are sent using group addressing. 

4. Method according to claim 1 or 2, wherein the ex- 
tension EMM's are sent using individual address- 
ing. 

5. Method according to any one of the preceding 
claims, wherein the set of extension EMM's com- 
prise individual EMM's for predetermined secure 
devices for which the subscription has changed, 
said individual EMM's updating the expiry date of 
the unchanged subscriptions only. 



PatentansprUche 

1. Verfahren zum Betrieb eines bedingten Zugriffsy- 
stems fQr Sendeanwendungen, wobel das bedingte 
Zugriffeystem eine Anzahl von Teilnehmem umfeftt, 
jeder Teilnehmer ein Terminal besitzt einschlieBlich 
eines bedingten Zugriffmoduls und einer sicheren 
Einrichtung zur Speicherung von Berechtigungen, 
wobei jede Berechtigung einen Service anzeigt, fur 
den der Teilnehmer, der die Berechtigung emp- 
Hngt, zur Betrachtung berechtigt ist, wobei Berech- 
tigungs-Venvaltungsnachrichten EMM*s zu einer si- 
cheren Einrichtung Oder einer Gruppe von sicheren 
Einrichtungen gesendet werden, die EMM's jeweils 
eine Berechtigung und ein entsprechendes Ablauf- 
datum vorgeben, wobei die Berechtigungen peri- 
odisch gemdii ihren Ablaufdaten aufgefrischt wer- 
. den, indem EMM*s gesendet werden. die die Ab- 
laufdaten fortschreiben, dadurch geicennzeich- 
net, daQ eine Gruppe von EnA^eitemngs-Berechti- 
gungs-Verwaltungsnachrichten (EnA/eite- 



rungs-EMM's) zu wenigstens einem Teil aller siche- 
ren Einrichtungen gesendet wird, wobei jede EoA^ei- 
terungs-Berechtigungs-Verwaltungsnachricht 
anzeigt, dad alle Berechtigungen, die ein Ablaufda- 
5 tum innerhalb einer vorbestimmten ersten Periode 
besitzen, mit einer vorbestimmten zweiten Periode 
enA^eitert sind, wobei EMM's. die die Ablaufdaten 
fortschreiben, nach den Erweiterungs-EMM*s ge- 
sendet werden. 

10 

2. Verfahren zum Betrieb eines bedingten Zugriffsy- 
stems fQr Sendeanwendungen gemdii dem Gat- 
tungsbegriff des Patentanspruches 1, dadurch ge- 
Icennzeichnet, daft jede EMM ein Berechtigungs- 

is Ablaufdatum und ein Berechtlgungs-Empfangsda- 
tum umfaftt, welche Daten in der sicheren Einrich- 
tung gespeichert werden. wobei eine Gruppe von 
Erweiterungs-Berechtigungs-VenA^altungsnach- 
richten, Enveiterungs-EMM's, zu alien sicheren 

20 Einrichtungen gesendet wird, jede En^/eiterungs- 
Berechtigungs-Venwaltungsnachricht ein vorgege- 
benes Datum anzeigt, von welchem an alle Berech- 
tigungen der sicheren Einrichtung nicht gedndert 
worden sind, wobei, wenn das Empfangsdatum fOr 

25 irgendeine Berechtigung nach dem vorgegebenen 
Datum liegt, alle Berechtigungen mit einer vorbe- 
stimmten Periode enA/eitert werden, wobei EMM*s, 
die die Ablaufdaten fortschreiben, nach den Erviel- 
terungs-EMM's gesendet werden. 

30 

3. Verfahren nach Anspruch 1 oder 2, wobei die Er- 
weiterungs-EMM's unter Venvendung von Grup- 
penadressierung gesendet werden. 

35 4. Verfahren nach Anspruch 1 oder 2, wobei die Er- 
weiterungs-EMM's unter Verwendung von individu- 
eller Adressierung gesendet werden. 

5. Verfahren nach irgendeinem der vorangehenden 
40 AnsprOche, wobei die Gruppe von Erweite- 
rungs-EMM's individuelle EMM's fQr vorbestimmte 
sichere Einrichtungen um^Kt, fQr welche das 
Abonnement gedndert hat, wobei die individuellen 
EMM'S das Ablaufdatum nur der ungeSnderten 
45 Abonnements fortschreiben. 



Revendications 

50 1 . Proc^d6 d'exploitation d'un syst^me d'accds condi- 
tionnel pour des applications de t6l6diffusion, ledit 
syst6me d'acc^s conditionnel comprenant un cer- 
tain nombre d'abonnSs, cheque abonn6 disposant 
d'un terminal comportant un module d'acc^s condl- 

55 tionnel et d'un dispositif steurisd pour mSmoriser 
des droits, chaque droit indiquant un service que 
I'abonn^ titulaire de ce droit peut regarder, dans le- 
quel des messages de gestion de droits , ou mes- 
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sages EMM. sont envoySs d un dispositif s6cuiis6 
ou d un groupe de dispositifs s6curis6s, lesdits 
messages EMM fournissant chacun un droit et une 
date d'expiration correspondante, dans lequel les 
droits sont p^riodiquement r6g6n6r6s en conform!- 5 
tS avec leurs dates d'expiration par envoi de mes- 
sages EMM mettant § jour les dates d'expiration, 
caract6rls6 en ce qu'un ensemble de messages 
de gestion de droit de prolongation (messages 
EMM de prolongation) est envoys d au molns une io 
partie de tous les dispositifs s6curis6s, chaque 
message de gestion de droit de prolongation indi- 
quant que tous les droits ayant une date d'expiration 
infSrieure d une premiere p^riode pr^d6tennin6e 
sont proiong6s d'une seconde p6riode pr6d6termi- is 
n^e, dans lequel les messages EMM mettant d jour 
les dates d'expiration sont envoy^s apr^s les mes- 
sages EMM de prolongation. 

Proc^d^ d'exploitation d'un syst^me d'accds cx)ndi- 20 
tionnel pour applications de t6l6diffusion conform6- 
ment au pr^ambule de la revendication 1 , caract6- 
ris6 en ce que chaque message EMM comprend 
une date d'expiration de droit et une date de recep- 
tion de droit, lesquelles dates sont stock^es dans 25 
le dispositif s6curis6, dans lequel un ensemble de 
messages de gestion de droits de prolongation, ou 
messages EMM de prolongation, est envoys d tous 
les dispositifs s^curisds, chaque message de ges- 
tion de droit de prolongation indiquant une date 30 
donn^e d partir de laquelle tous les droits du dispo- 
sitif s6curis6 n'ont pas vari6, dans lequel, si la date 
de reception pour un droit quelconque est ult^rieur 
d ladite date donnSe, tous les droits sont prolong6s 
d'une p^rtode pr^dStenninee, dans lequel des mes- 35 
sages EMM mettant d jour les dates d'expiration 
sont envoy^s apr^s les messages EMM de prolon- 
gation. 

Precede selon la revendication 1 ou 2, dans lequel ^0 
les messages EMM de prolongation sont envoy^s 
par utilisation d'un adressage groups. 

Precede selon la revendication 1 ou 2, dans lequel 
les messages EMM de prolongation sont envoy^s 45 
par utilisation d'un adressage individuel. 

Proc^d^ selon Tune quelconque des revendications 
pr6c6dentes, dans lequel I'ensemble de messages 
EMM de prolongation comprennent des messages $0 
EMM individuels pour des dispositifs s^curis^s pour 
lesquels I'abonnement a 6t6 modifid, lesdits mes- 
sages EMM individuels mettant d jour la date d'ex- 
piration des seuls abonnements non modifies. 
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